The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. (CVE-2016-9074)
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. (CVE-2016-9574)
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. (CVE-2017-7502)
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7805)
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404)
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. (CVE-2018-18508)
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
(CVE-2019-11719)
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. (CVE-2019-11727)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. (CVE-2020-12399)
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12400)
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.
Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. (CVE-2020-12413)
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. (CVE-2020-25648)
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory nss. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(195596);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-9074",
"CVE-2016-9574",
"CVE-2017-7502",
"CVE-2017-7805",
"CVE-2018-12404",
"CVE-2018-18508",
"CVE-2019-11719",
"CVE-2019-11727",
"CVE-2019-11729",
"CVE-2019-11745",
"CVE-2019-11756",
"CVE-2019-17023",
"CVE-2020-6829",
"CVE-2020-12399",
"CVE-2020-12400",
"CVE-2020-12401",
"CVE-2020-12402",
"CVE-2020-12403",
"CVE-2020-12413",
"CVE-2020-25648"
);
script_name(english:"RHEL 5 : nss (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
- nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
- An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is
addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5,
Firefox ESR < 45.5, and Firefox < 50. (CVE-2016-9074)
- nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when
using SessionTicket extension and ECDHE-ECDSA. (CVE-2016-9574)
- Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2
messages resulting into denial of service by remote attacker. (CVE-2017-7502)
- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data
is used for later messages but in some cases, the handshake transcript can exceed the space available in
the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old,
freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can
result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4,
and Thunderbird < 52.4. (CVE-2017-7805)
- A cached side channel attack during handshakes using RSA encryption could allow for the decryption of
encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack)
and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404)
- In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a
crash due to a null dereference, resulting in a Denial of Service. (CVE-2018-18508)
- When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger
an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information
disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
(CVE-2019-11719)
- A vulnerability exists where it possible to force Network Security Services (NSS) to sign
CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in
CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This
vulnerability affects Firefox < 68. (CVE-2019-11727)
- Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly
sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox
< 68, and Thunderbird < 60.8. (CVE-2019-11729)
- When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the
block size, a small out of bounds write could occur. This could have caused heap corruption and a
potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and
Firefox < 71. (CVE-2019-11745)
- After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting
in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming
Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)
- NSS has shown timing differences when performing DSA signatures, which was exploitable and could
eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox
ESR < 68.9. (CVE-2020-12399)
- When converting coordinates from projective to affine, the modular inversion was not performed in constant
time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80
and Firefox for Android < 80. (CVE-2020-12400)
- During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar
multiplication was removed, resulting in variable-time execution dependent on secret data. This
vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)
- During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean
Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform
electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.
*Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,
but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)
- The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate
this vulnerability, Firefox disabled support for DHE ciphersuites. (CVE-2020-12413)
- A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a
remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the
NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS
versions before 3.58. (CVE-2020-25648)
- When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which
leaked partial information about the nonce used during signature generation. Given an electro-magnetic
trace of a few signature generations, the private key could have been computed. This vulnerability affects
Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11756");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-12403");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhvm-appliance");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'firefox', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'firefox', 'cves':['CVE-2019-11719', 'CVE-2019-11729', 'CVE-2020-12399']},
{'reference':'nss', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'nss', 'cves':['CVE-2016-9074', 'CVE-2016-9574', 'CVE-2017-7502', 'CVE-2017-7805', 'CVE-2018-12404', 'CVE-2018-18508', 'CVE-2019-11727', 'CVE-2019-11745', 'CVE-2019-11756', 'CVE-2019-17023', 'CVE-2020-6829', 'CVE-2020-12399', 'CVE-2020-12400', 'CVE-2020-12401', 'CVE-2020-12402', 'CVE-2020-12403', 'CVE-2020-12413', 'CVE-2020-25648']},
{'reference':'thunderbird', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'thunderbird', 'cves':['CVE-2020-12399']}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / nss / thunderbird');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
redhat | enterprise_linux | firefox | p-cpe:/a:redhat:enterprise_linux:firefox |
redhat | enterprise_linux | mingw-nss | p-cpe:/a:redhat:enterprise_linux:mingw-nss |
redhat | enterprise_linux | nss | p-cpe:/a:redhat:enterprise_linux:nss |
redhat | enterprise_linux | redhat-virtualization-host | p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host |
redhat | enterprise_linux | rhvm-appliance | p-cpe:/a:redhat:enterprise_linux:rhvm-appliance |
redhat | enterprise_linux | thunderbird | p-cpe:/a:redhat:enterprise_linux:thunderbird |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829